First Flight #11: Snek-Raffle
First Flight #11
Beginner FriendlyFoundryNFT
100 EXP
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Event Emission for Requested Raffle Winner in `snek_raffle::request_raffle_winner`

4rdiii

[L-2] Missing Event Emission for Requested Raffle Winner in snek_raffle::request_raffle_winner

Description:
The RequestedRaffleWinner event is defined in the events definition section of the smart contract. However, the request_raffle_winner function does not emit any events when the random number is requested.

Impact:
The event definition is excessive, and there is no easy access to requestIds. This could lead to difficulties in tracking the request for a random winner, especially for external observers or participants who might be interested in the outcome of the raffle.

Proof of Concept:

# Events
@> event RequestedRaffleWinner:
request_id: indexed(uint256)
.
.
.
@external
def request_raffle_winner() -> uint256:
"""Request a random winner from the VRF Coordinator after a raffle has completed."""
is_open: bool = RaffleState.OPEN == self.raffle_state
time_passed: bool = (block.timestamp - self.last_timestamp) > RAFFLE_DURATION
has_players: bool = len(self.players) > 0
has_balance: bool = self.balance > 0
assert is_open and time_passed and has_players and has_balance, ERROR_NOT_ENDED
self.raffle_state = RaffleState.CALCULATING
request_id: uint256 = VRF_COORDINATOR.requestRandomWords(
GAS_LANE,
SUBSCRIPTION_ID,
REQUEST_CONFIRMATIONS,
CALLBACK_GAS_LIMIT,
NUM_WORDS
)
@> #@audit No event emission here!
return ERC721._total_supply()

Recommended Mitigation: To address this issue, the request_raffle_winner function should emit the RequestedRaffleWinner event to signal that a raffle winner has been requested. This change ensures that the function's actions are clearly communicated and can be easily tracked. Here's an example of how this could be implemented:

@external
def request_raffle_winner() -> uint256:
"""Request a random winner from the VRF Coordinator after a raffle has completed."""
is_open: bool = RaffleState.OPEN == self.raffle_state
time_passed: bool = (block.timestamp - self.last_timestamp) > RAFFLE_DURATION
has_players: bool = len(self.players) > 0
has_balance: bool = self.balance > 0
assert is_open and time_passed and has_players and has_balance, ERROR_NOT_ENDED
self.raffle_state = RaffleState.CALCULATING
request_id: uint256 = VRF_COORDINATOR.requestRandomWords(
GAS_LANE,
SUBSCRIPTION_ID,
REQUEST_CONFIRMATIONS,
CALLBACK_GAS_LIMIT,
NUM_WORDS
)
+ log RequestedRaffleWinner(request_id)
return ERC721._total_supply()
Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.